CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,563 vulnerabilities with CWE-20
CVE-2020-36175 MEDIUM
Ninja Forms < 3.4.27.1 - Input Validation Bypass via Email Field
CVSS 5.3
CVE-2020-27844 HIGH
openjpeg < 2.4.0 - Out-of-Bounds Write via Crafted Input
CVSS 7.8
CVE-2020-25275 HIGH
Dovecot < 2.3.13 - Denial of Service via Crafted Email with MIME Parts
CVSS 7.5
CVE-2020-35493 MEDIUM
binutils < 2.34 - Heap Buffer Overflow via Crafted PEF File
CVSS 5.5
CVE-2020-26291 MEDIUM
URI.js <1.19.4 - Hostname Spoofing via Backslash-At URL Parsing
CVSS 6.5
CVE-2020-35789 HIGH
NETGEAR NMS300 Firmware < 1.6.0.27 - Authenticated OS Command Injection
CVSS 8.8
CVE-2020-35616 HIGH
Joomla! 1.7.0-3.9.22 - Write ACL Violation via Improper Input Validation
CVSS 7.5
CVE-2020-14273 HIGH
HCL Domino - Unauthenticated Denial of Service via Public API Input
CVSS 7.5
CVE-2020-9137 MEDIUM
Huawei CloudEngine 12800, 5800, 6800, and 7800 Firmware - Privilege Escalation via Insufficient Input Validation
CVSS 6.7
CVE-2020-27727 MEDIUM
BIG-IP 13.1.0-13.1.3.4, 14.1.0-14.1.3, 15.1.0-15.1.0.5, 16.0.0-16.0.0.1 - Authenticated Arbitrary File Read
CVSS 4.9
CVE-2020-2504 MEDIUM
QNAP QES < 2.1.1 - Path Traversal in File Station
CVSS 5.8
CVE-2020-27338 MEDIUM
Treck IPv6 <6.0.1.68 - Buffer Overflow
CVSS 5.9
CVE-2020-27337 HIGH
Treck IPv6 <6.0.1.68 - Memory Corruption
CVSS 7.3
CVE-2020-27336 LOW
Treck IPv6 <6.0.1.68 - Info Disclosure
CVSS 3.7
CVE-2020-24679 HIGH
ABB Symphony+ Historian and Operations - Denial of Service and Remote Code Execution via Crafted Messages
CVSS 7.5
CVE-2020-14231 HIGH
HCL Client Application Access v9 - Authenticated Stack Buffer Overflow via Input Parameter Handling
CVSS 8.8
CVE-2020-35623 HIGH
MediaWiki <1.35.1 - Privilege Escalation
CVSS 7.5
CVE-2020-3999 MEDIUM
VMware Workstation 15.0.0-15.5.6 and Fusion 11.5.0-11.5.6 - Denial of Service via GuestInfo Input Validation
CVSS 6.5
CVE-2020-27687 HIGH
ThingsBoard < 3.2 - Host Header Injection in Password-Reset Emails
CVSS 8.8
CVE-2020-27154 HIGH
Mitel BusinessCTI Enterprise - Info Disclosure
CVSS 8.8
CVE-2020-25611 MEDIUM
Mitel MiCollab < 9.2 - Cross-Site Scripting in AWV Portal
CVSS 6.1
CVE-2020-25608 HIGH
Mitel MiCollab < 9.2 - SQL Injection via SAS Portal
CVSS 7.2
CVE-2020-25606 MEDIUM
Mitel MiCollab < 9.2 - Cross-Site Scripting in AWV Component
CVSS 6.1
CVE-2020-7838 HIGH
Smilegate STOVE Client <0.0.4.72 - RCE
CVSS 8.8
CVE-2020-12521 MEDIUM
Phoenix Contact PLCnext Control Devices <2021.0 LTS - DoS
CVSS 6.5